Problem description

Multiple vulnerabilities have been found and corrected in mysql:

The server failed to check the table name argument of a COM_FIELD_LIST
command packet for validity and compliance with acceptable table name
standards. This could be exploited to bypass almost all forms of
checks for privileges and table-level grants by providing a specially
crafted table name argument to COM_FIELD_LIST (CVE-2010-1848).

The server could be tricked into reading packets indefinitely if
it received a packet larger than the maximum size of one packet
(CVE-2010-1849).

The server was susceptible to a buffer-overflow attack due to a
failure to perform bounds checking on the table name argument of a
COM_FIELD_LIST command packet. By sending long data for the table name,
a buffer is overflowed, which could be exploited by an authenticated
user to inject malicious code (CVE-2010-1850).
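
The two COM_FIELD_LIST issues above (CVE-2010-1848 and CVE-2010-1850) both come from using the table name argument before checking it. The following is an added example, not code from MySQL or from this advisory, showing the kind of check a server-side handler needs: the name is length-checked and validated before anything is copied. The payload layout (command byte 0x04, NUL-terminated table name, then the field wildcard), the 64-byte limit, the character allow-list and all function names are assumptions of the example.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define COM_FIELD_LIST 0x04   /* command byte in the MySQL protocol */
#define MAX_TABLE_NAME 64     /* assumed limit for this example */

enum parse_result { PARSE_OK = 0, ERR_TRUNCATED, ERR_NOT_FIELD_LIST,
                    ERR_UNTERMINATED, ERR_EMPTY, ERR_TOO_LONG, ERR_BAD_CHAR };

/* Assumed allow-list policy: letters, digits, '_' and '$' only. */
static int name_char_ok(unsigned char c)
{
    return isalnum(c) || c == '_' || c == '$';
}

/*
 * Extract the table name from a COM_FIELD_LIST payload into out.
 * Nothing is copied until the length and character checks have passed.
 */
enum parse_result parse_field_list(const unsigned char *pkt, size_t len,
                                   char out[MAX_TABLE_NAME + 1])
{
    if (len < 2) return ERR_TRUNCATED;
    if (pkt[0] != COM_FIELD_LIST) return ERR_NOT_FIELD_LIST;

    /* Search for the terminator only inside the bytes actually received. */
    const unsigned char *name = pkt + 1;
    const unsigned char *nul = memchr(name, '\0', len - 1);
    if (nul == NULL) return ERR_UNTERMINATED;

    size_t n = (size_t)(nul - name);
    if (n == 0) return ERR_EMPTY;
    if (n > MAX_TABLE_NAME) return ERR_TOO_LONG;  /* bounds check before copy */

    for (size_t i = 0; i < n; i++)
        if (!name_char_ok(name[i])) return ERR_BAD_CHAR;

    memcpy(out, name, n);
    out[n] = '\0';
    return PARSE_OK;
}

int main(void)
{
    /* Constructed sample payload, not captured traffic. */
    static const unsigned char ok[] = "\004orders\0%";
    char name[MAX_TABLE_NAME + 1];
    return parse_field_list(ok, sizeof ok - 1, name) == PARSE_OK ? 0 : 1;
}
```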

Packages for 2008.0 and 2009.0 are provided as part of the Extended
Maintenance Program.
Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490